Backup system, method therefor, and program

ABSTRACT

Backup system and method that can determine a backup destination in consideration of disaster are provided. There are provided: a data acquisition unit 110 that acquires disaster information, network information, and node information; a replication group construction unit 130 that generates, based on the disaster information, and the like, replication group information including association information between a first node that stores original data and one or more second nodes that are candidates for backup destination of the original data, and saves the replication group information in a storage unit 120; a replication destination node calculation unit 140 that, when executing backup of the original data, calculates the second node as backup destination from the replication group; and a replication processing unit 230 that replicates and stores the original data into the storage of the second node.

TECHNICAL FIELD

The present invention relates to a backup system that store data storedin storage deployed at a node in a network into another storage deployedat another nodes.

BACKGROUND ART

In recent years, as video Internet of Things (IoT) becomes widespread,security cameras have been disposed for various purposes such as crimeprevention in stores and ecological records of animals, and createdvideo files (hereinafter referred to as simply “files”) are stored instorage placed at a location (node) via a network for a long period,enabling viewing, analysis, and the like of the videos at remotelocations.

Here, in order to prevent file loss due to storage failures or the like,files are replicated in another storage at the same location or anotherstorage at another location. Especially, in the case that disasteravoidance is assumed, files are replicated at multiple locations (e.g.,multiple data centers), thereby preventing file loss due to disaster. Itis believed that such file loss caused by disaster can be prevented byreplicating files at data centers separated from each other by 500 km ormore (for example, Tokyo and Osaka) in the domestic case, and at datacenters in different countries in the foreign case.

CITATION LIST Non Patent Literature

-   Non Patent Literature 1: Qasmi, Wasiq Noor Ahmad, et al. “A    comparative study of failover schemes for IaaS recovery.”    Information Networking (ICOIN), 2018 International Conference on.    IEEE, 2018-   Non Patent Literature 2: Li, Xiaole, et al. “Redundancy-Guaranteed    and Receiving-Constrained Disaster Backup in Cloud Data Center    Network.” IEEE Access 6 (2018): 4766647681-   Non Patent Literature 3: Ferdousi, Sifat, et al. “Disaster-aware    data-center and content placement in cloud networks.” 2013 IEEE    International Conference on Advanced Networks and Telecommunications    Systems (ANTS). IEEE, 2013.-   Non Patent Literature 4: Alshammari. Mohammad M., et al. “Disaster    recovery in single-cloud and multi-cloud environments: Issues and    challenges.” 2017 4th IEEE International Conference on Engineering    Technologies and Applied Sciences (ICETAS). IEEE, 2017.

SUMMARY OF THE INVENTION Technical Problem

However, because resources (storage) that store files by replication,that is, a lot of locations that are replication destinations aredistributed in a wide area, it is difficult to select the physicalreplication destination according to the assumed disaster. Further, evenif the physical replication destination is determined, replication maynot be possible due to the fact that the remaining resources in thereplication destination are low when actually attempting replication.

On the other hand, there are existing techniques for access to backupsites (Non Patent Literature 1) and backup method (Non Patent Literature2). However, Non Patent Literature 1 describes how failover method ofapplication accesses a predetermined backup site, but does not describeany technique of specifying the physical distribution destination. Inaddition. Non Patent Literature 2 describes how the transmission orderand throughput are set in consideration of the bandwidth usagecondition, but does not describe contents physically disposed.

Thus, no technique of determining the physical replication destinationhas been established yet.

In light of the foregoing, an object of the present invention is toprovide a backup system and method that can determine a backupdestination in consideration of disaster.

Means for Solving the Problem

To achieve the above object, the present invention provides a backupsystem, in a network including a plurality of nodes, each of theplurality of nodes to which storage is deployed, for replicating andstoring original data stored in storage of a first node of the pluralityof nodes into storage of at least one second node of the plurality ofnodes, the backup system including an information acquisition unitconfigured to acquire disaster information, network information, andnode information, a backup destination node information generation unitconfigured to, based on the disaster information, the networkinformation, and the node information, generate backup destination nodeinformation including association information between the first nodethat stores the original data and one or more second nodes of the atleast one second node that are candidates for backup destination of theoriginal data, and save the backup destination node information in apredetermined storage unit, a backup destination node calculation unitconfigured to, when executing backup of the original data, calculate asecond node of the at least one second node as the backup destinationfrom the one or more second nodes that are the candidates for the backupdestination included in the backup destination node information, and abackup execution unit configured to replicate and store the originaldata from the storage of the first node into the storage of the secondnode that is calculated.

Effects of the Invention

According to the present invention, because the node of the backupdestination is determined in consideration of the disaster information,a suitable backup system that is resistant to disaster can beconstructed. In addition, according to the present invention, the backupdestination node information including the association informationbetween the first node that stores the original data and the one or moresecond nodes that are candidates for backup destination of the originaldata is generated in advance. Then, when executing backup of theoriginal data, the second node is calculated as the backup destinationfrom among the one or more second nodes that are candidates for thebackup destination included in the backup destination node information.As a result, the backup destination calculation processing need not takeinto account all of the nodes, reducing the load of the calculationprocessing.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a diagram illustrating a network configuration assumed in thepresent invention.

FIG. 2 is a diagram illustrating a configuration of a replication systemaccording to an embodiment of the present invention.

FIG. 3 is a functional block diagram of a master server according to theembodiment of the present invention.

FIG. 4 is a diagram illustrating an example of disaster information.

FIG. 5 is a diagram illustrating a replication group.

FIG. 6 is a flowchart illustrating replication group constructionprocessing.

FIG. 7 is a diagram illustrating an example of replication groupconstruction.

FIG. 8 is a flowchart illustrating processing of a replicationdestination calculation unit.

FIG. 9 is a diagram illustrating an example of calculation of thereplication destination.

FIG. 10 is a functional block diagram of a replication execution device.

FIG. 11 is a diagram illustrating Example 1 of the present invention(replication group construction example 1).

FIG. 12 is a diagram illustrating Example 2 of the present invention(replication group construction example 2).

FIG. 13 is a diagram illustrating Example 3 of the present invention(replication destination node calculation example 1).

FIG. 14 is a diagram illustrating Example 4 of the present invention(replication destination node calculation example 2).

FIG. 15 is a diagram illustrating Example 5 of the present invention(replication destination node calculation example 3).

FIG. 16 is a functional block diagram of a master server according toanother embodiment.

FIG. 17 is a functional block diagram of a replication execution deviceaccording to another embodiment.

FIG. 18 is a diagram illustrating the replication completed state bystatic disaster information.

FIG. 19 is a flowchart illustrating processing for dynamic disasterinformation.

FIG. 20 is a diagram illustrating the dynamic disaster information.

FIG. 21 is a diagram illustrating disaster determination for the dynamicdisaster information.

FIG. 22 is a diagram illustrating execution determination for thedynamic disaster information.

FIG. 23 is a diagram illustrating selection of additional nodes for thedynamic disaster information.

FIG. 24 is a diagram illustrating backup to an additional node.

FIG. 25 is a diagram illustrating backup to the additional node usingpriority.

FIG. 26 is a diagram illustrating backup to the additional node usingpriority.

FIG. 27 is a diagram illustrating the deletion of the temporary datafrom the additional node.

DESCRIPTION OF EMBODIMENTS

First, a network configuration assumed in the present invention will bedescribed with reference to FIG. 1. FIG. 1 is a diagram illustrating thenetwork configuration assumed in the present invention.

As illustrated in FIG. 1, the network is configured such that aplurality of nodes 10 each are connected to other nodes 10 viarespective links 20. Storage (not illustrated) that stores files isdeployed at each node 10. Each node 10 corresponds to a geographicallyisolated location. Examples of the node 10 include a data center and abase station. The link 20 is a line connecting the nodes 10 to eachother. Note that the network topology is not limited to that illustratedin FIG. 1, and may be any of a mesh structure, a hierarchical structure,a tree structure, a combination thereof, and the like. The network maybe constituted of a single carrier network, may be constituted of aplurality of carrier networks, or may include the Internet.

The node 10 is connected to a terminal 1, such as a video IoT terminal,which generates data and stores the data in the storage of the node 10.In other words, at the application level, the node 10 accommodates theterminal 1. The type, form, and the like of the terminal 1 are notspecifically limited. Note that, in the present application, data thatis generated by the terminal 1 connected to the node 10 and stored inthe storage of the node 10 connected to the terminal 1 (in other words,original data to be backed up) is referred to as primary data 12. Datathat is replicated from the primary data 12 and stored in storage ofanother node 10 is referred to replication data 13.

The backup system according to the present embodiment previouslyconstruct a group indicating candidates for the node 10 that is a backupdestination for the primary data 12. Then, at execution of backup, thebackup system according to the present embodiment calculates the node 10that is the backup destination from the group, and backs up the primarydata 12 into the storage of the calculated node 10.

Note that the “backup” according to the present embodiment may bereplication that is real-time backup of data stored in the node 10, orbackup of data stored in the node 10 on a regular basis or at any time,such as a regular backup. A replication system according to anembodiment of the present invention will be described below withreference to drawings.

FIG. 2 is a diagram illustrating the configuration of a replicationsystem according to the present embodiment. As illustrated in FIG. 2,the replication system includes a master server 100 that controlsreplication, and a replication execution device 200 deployed at eachnode 10. The master server 100 may be deployed anywhere within thenetwork as long as it is capable of communicating with each node 10. Theimplementations of the master server 100 and the replication executiondevice 200 are not specifically limited, and may be implemented asdedicated devices, may be implemented by installing a program on ageneral-purpose device or a virtualization environment thereof, or maybe implemented in a distributed manner.

FIG. 3 is a functional block diagram of the master server. Asillustrated in FIG. 3, the master server 100 includes a data acquisitionunit 110, a storage unit 120, a replication group construction unit 130(backup destination node information generation unit), and a replicationdestination calculation unit 140 (backup destination node calculationunit). Here, the data acquisition unit 110 acquires various data such asdisaster information, network information, node information. The storageunit 120 stores and holds the acquired data, and stores and holdsreplication group information described below. The replication groupconstruction unit 130 constructs a replication group described below.

The data acquisition unit 110 acquires the disaster information from apredetermined cloud server or by an input of the administrator, andstores the disaster information in the storage unit 120. Here, thedisaster information (static disaster information) refers to informationabout an area (disaster area) where damage is expected to occur due todisaster such as earthquake, and includes area information (the extentof disaster), strength information (e.g., seismic intensity of 7, 6upper for the earthquake, and height for the tsunami). Examples of thedisaster of interest include not only disaster such as a particularearthquake (Nankai Trough giant earthquake, large earthquake occurringdirectly under the capital, etc.), but also hazards associated with theabove-mentioned disaster (e.g., tsunami associated with earthquake).Further, the disaster information is not limited to the seismicintensity data and the tsunami data, and may be data about anything thatdamages buildings that accommodate the storage and the like. Note thatas illustrated in FIG. 4, the disaster area of certain disaster does notalways match the disaster area of hazard associated with the disaster.In the example in FIG. 4, an area 91 related to earthquake with aseismic intensity of 7 contains the nodes 10 having node IDs “A” and“B”, and an area 92 related to tsunami associated with the earthquake 7contains the nodes 10 having nodes IDs “B” and “C”. Because governmentand private enterprises provide the disaster information via thenetwork, the data acquisition unit 110 can acquire the disasterinformation via the network.

The data acquisition unit 110 acquires network information from anetwork device that constitutes the network or a management device thatmanages the network via the network, or an input of the administrator,and stores the acquired network information in the storage unit 120.Here, the network information is information indicating the networkconfiguration illustrated in FIGS. 1 and 2, and includes staticinformation such as geographic location information about each node 10,network connectivity status (network topology) between the nodes 10, theband and link cost of each link 20, and the number of hops between thenodes 10. In some examples, the network information may includedynamically changing information such as the band usage rate of eachlink 20. Note that the number of hops can be calculated from the networktopology, and thus may not be stored in the storage unit 120.

In addition, the data acquisition unit 110 acquires node informationfrom a management device deployed at each node 10 or a management devicethat centrally manages the nodes 10 via the network, or from an input ofthe administrator, and stores the acquired node information in thestorage unit 120. Here, the node information includes identificationinformation about the node 10, and the various information about thestorage of the node 10. The various information about the storageincludes static information such as the storage capacity of the entirenode 10 at which the storage is deployed, and the writing speed of thestorage. In some examples, the storage information may includedynamically changing information such as the remaining storage capacity.

When static information among the various information stored in thestorage unit 120 is updated, the replication group construction unit 130creates a replication group based on the various information stored inthe storage unit 120, and stores information about the createdreplication group in the storage unit 120.

The replication group will be described with reference to FIG. 5. Thereplication group refers to information associating (correlating) thenode 10 that saves the primary data 12 with one or more nodes 10 thatare candidates of the replication destination for the primary data 12.In the present embodiment, as illustrated in FIG. 5, the replicationgroup information consists of an ordered set including identificationinformation about the plurality of nodes 10. A first element of thereplication group information represents the identification informationabout the node 10 that saves the primary data 12. In addition, one ormore elements following the first element of the replication groupinformation represent the identification information about the nodes 10that are candidates for the replication destination. The number of nodesn_p in the group may be previously stored in the storage unit 120 or maybe dynamically calculated based on service level agreement (SLA) and thelike. Note that, in the drawings of the present application, thereplication group is abbreviated as “RG” as necessary.

Replication group construction processing will be described withreference to FIG. 6. FIG. 6 is a flowchart illustrating the replicationgroup construction processing. The construction processing is executedat update of the disaster information collected by the data acquisitionunit 110, update of static information among the network information,and update of static information among the node information.

First, the data acquisition unit 110 acquires the disaster information,the network information, and the node information (Step S1). Next, thereplication group construction unit 130 acquires, from the storage unit120, the number of nodes n_p in replication, and the node ID of the node10 that stores the primary data 12 (Step S2). Next, the replicationgroup construction unit 130 excludes, from all nodes 10, other nodes 10included in the same disaster as the disaster area in which the node 10is included. Further, the replication group construction unit 130selects n_p−1 nodes 10 from the remaining nodes 10 as a candidate forreplication destination according to a predetermined selectionalgorithm. Through these processing operations, the replication groupconstruction unit 130 extracts the candidate for replication destinationof the node 10 from all nodes 10 (Step S3). The above processing isexecuted on all of the nodes 10 that store the primary data 12 (StepS4). The replication group construction unit 130 stores the generatedreplication group information in the storage unit 120.

In the selection processing in Step S3, the replication groupconstruction unit 130 refers to the node information stored in thestorage unit 120 to select n_p−1 nodes 10 as the candidate forreplication destination from the remaining nodes 10 according to thepredetermined selection algorithm.

Examples of the selection algorithms include (a) randomly selecting thenode, (b) selecting the node having a smallest network distance (numberof hops) from the node that stores the primary data 12, (c) selectingthe node having a largest storage capacity, and the like. Note that inthe selection processing (b) and (c), when the number of nodes cannot benarrowed down to n_p, the node 10 with a smallest number of disasters inwhich each node 10 is included may be further selected, or the node 10may be randomly selected.

The above (a) has the advantage of the simplest implementation. Theabove (b) has the advantage of reducing the consumption of networkresources and processing time during replication. Further, the above (c)has the advantage of reducing the frequency of running out of thestorage capacity of the entire replication group. FIG. 7 illustrates anexample of replication group construction for the node 10 having thenode ID “A”. In the example in FIG. 7, the above (b) is used as theselection algorithm.

The function of the replication destination calculation unit 140 will bedescribed with reference to FIG. 8. FIG. 8 is a flowchart illustratingreplication destination calculation processing.

The replication destination calculation unit 140 starts replicationdestination calculation processing based on a data detectionnotification received from the replication execution device 200 of thenode 10. The replication destination calculation unit 140 firstacquires, from the storage unit 120, the replication group for the node10 that is the source of the data detection notification (Step S11).Next, the replication destination calculation unit 140 acquires thenetwork information and node information required for the calculationfrom the storage unit 120 (Step S12). In some examples, the replicationdestination calculation unit 140 acquires static information as well asdynamic information according to a calculation algorithm describedbelow. When the dynamic information is stored in the storage unit 120,the replication destination calculation unit 140 may acquire the dynamicinformation. In addition, the replication destination calculation unit140 may acquire dynamic information in real-time from the dataacquisition unit 110.

Next, the replication destination calculation unit 140 calculates afollowing node 10 based on the various information acquired in Steps S11and S12 using a predetermined calculation algorithm (Step S13). Thefollowing node 10 is another node 10 that is a replication destinationfor the primary data 12 stored in the storage of the node 10 that is thesource of the data detection notification. The replication destinationcalculation unit 140 transmits the node ID of the calculated node 10that is the replication destination to the replication execution device200 (Step S14).

The calculation processing of the replication destination calculationunit 140 will be described. When the number of nodes n_p is 2, thereplication destination is uniquely determined. When the number of nodesn_p is larger than 2, that is, when a plurality of nodes 10 that arecandidates for replication destination are present in the replicationgroup, the node 10 is calculated according to the above-mentionedcalculation algorithm.

In the calculation algorithm, as an entire system, based on an indexvalue of storage usage efficiency or cost, or an index value ofthroughput at replication, the node 10 that is the replicationdestination is calculated so as to optimize the index value. Forexample, (a) a calculation algorithm in which the replicationdestination calculation unit 140 determines the replication destinationbased on the remaining storage capacity can be mentioned. Alternatively,(b) a calculation algorithm in which the replication destinationcalculation unit 140 determines the replication destination based on theavailable bandwidth of the band can be mentioned. Alternatively. (c) acalculation algorithm in which the replication destination calculationunit 140 determines the replication destination based on the writingspeed of the disk (low-cost disk) can be mentioned. Alternatively, (d) acalculation algorithm in which the replication destination calculationunit 140 determines the replication destination based on the number ofhops from the node 10 that stores the primary data 12 can be mentioned.

The above (a) has the advantage that it is possible to reduce thefrequency that the storage capacity becomes insufficient. The above (b)has the advantage that it is possible to minimize the shortage of theband of the link 20. The above (c) has the advantage that low-costreplication is possible. The above (d) has the advantage of improvingthe usage efficiency of resources of the network and reducing round triptime (RTT).

Note that the selection algorithm of the replication group constructionunit 130 and the calculation algorithm of the replication destinationcalculation unit 140 are independent, and may be combined in any manner.

FIG. 9 illustrates an example of replication to the node having a largeremaining storage capacity when the replication group consists of (A, C,E). Here, the node C and the node E have the same total storagecapacity, and the remaining storage capacity is expressed in %.

FIG. 10 is a functional block diagram of the replication executiondevice. As illustrated in FIG. 10, the replication execution device 200includes a data detection unit 210, a replication destination inquiryunit 220, and a replication processing unit 230. The data detection unit210 monitors the storage 11 of the node 10, and detects that the primarydata 12 has been saved by the terminal 1. When the data detection unit210 detects the saving of the primary data 12, the replicationdestination inquiry unit 220 inquires the replication destinationcalculation unit 140 of the master server 100 about the node 10 that isthe replication destination. When receiving a response from thereplication destination calculation unit 140, the replicationdestination inquiry unit 220 specifies the node 10 that is thereplication destination and instructs the replication processing unit230 to execute replication. The replication processing unit 230replicates the primary data 12 to the specified node 10.

Example 1

Example 1 of the present invention will be described below withreference to FIG. 11. Example 1 is an example of the construction of thereplication group by the replication group construction unit 130. InExample 1, the selection algorithm of the replication group constructionunit 130 is a selection algorithm that performs selection based on thenumber of hops. In addition, as a result of the selection based on thenumber of hops, when a plurality of candidate nodes are present, thereplication group construction unit 130 further selects a node based onthe number of pieces of disaster information to which the node belongs(preferably selects a node that is not included in the disasterinformation). Note that the number of nodes n_p in the replication groupis 3.

In the following description, the node 10 having the node ID “X” isdenoted as node X.

The replication group construction unit 130 first constructs areplication group in the case where the primary data 12 is saved at anode A. Here, because the node A is included in an area of seismicintensity of 7, a node C, a node D, and a node E that are not includedin the area of seismic intensity of 7 are targets for the replicationgroup. Next, the replication group construction unit 130 selects top twonodes in increasing order of the number of hops (because the replicationgroup includes own node, i.e., the node A). In the example in FIG. 11,the node E has the number of hops of 1, and the node C and the node Dhave the number of hops of 2. Thus, the replication group constructionunit 130 selects the node D, which is not included in the disasterinformation, that is, has a small number of pieces of disasterinformation to which the node belongs, from the node C and the node Dthat have the number of hops of 2. As a result, the replication group inthe case where the primary data 12 is saved at the node A is (A, D, E)as illustrated in FIG. 11.

By performing similar calculation for the node B to the node E, thereplication group in the case where the primary data 12 is included ineach of the nodes is constructed, as illustrated in FIG. 11.

Example 2

Example 2 of the present invention will be described below withreference to FIG. 12. Example 2 is an example of the construction of thereplication group by the replication group construction unit 130. InExample 2, the selection algorithm of the replication group constructionunit 130 is a selection algorithm that selects nodes having a largestorage capacity. Note that the number of nodes n_p in the replicationgroup is 3.

The replication group construction unit 130 first constructs areplication group in the case where the primary data 12 is saved at anode A. Here, because the node A is included in an area of seismicintensity of 7, a node C, a node D, and a node E that are not includedin the area of seismic intensity of 7 are targets for the replicationgroup. Next, the replication group construction unit 130 selects top twonodes in descending order of storage capacity (because the replicationgroup includes own node, i.e., the node A). In the example in FIG. 12,the node D and the node E are selected. As a result, the replicationgroup in the case where the primary data 12 is saved at the node A is(A, D, E) as illustrated in FIG. 12.

By performing similar calculation for the node B to the node E, thereplication group in the case where the primary data 12 is included ineach of the nodes is constructed, as illustrated in FIG. 12.

Example 3

Example 3 of the present invention will be described below withreference to FIG. 13. Example 3 is an example of calculation of thereplication destination by the replication destination calculation unit140. In Example 3, the calculation algorithm of the replicationdestination calculation unit 140 is a calculation algorithm thatdetermines the replication destination based on the remaining storagecapacity. Note that in Example 3, the replication group is constructedin advance in accordance with Example 1 described above.

In Example 3, the data detection unit 210 detects that the primary data12 is saved at the node A. and the replication destination calculationunit 140 calculates the replication destination. In addition, in Example3, it is assumed that the replication group illustrated in FIG. 13 isconstructed in advance.

As illustrated in FIG. 13, because the node A is included in thereplication group (A, C. E), two nodes C, E are selected as candidatesfor the replication destination. Because “the replication destination isdetermined based on the remaining storage capacity” in Example 3, thereplication destination calculation unit 140 acquires the remainingstorage capacity of each node from the storage unit 120 or the dataacquisition unit 110. Here, it is assumed that remaining storagecapacities of the node C and the node E are 50%, 10%, respectively.Thus, the replication destination calculation unit 140 calculates thenode C having a larger remaining storage capacity as the replicationdestination. It is assumed that the node C and the node E have the sametotal storage capacity.

Example 4

Example 4 of the present invention will be described below withreference to FIG. 14. Example 4 is an example of calculation of thereplication destination by the replication destination calculation unit140. In Example 4, the calculation algorithm of the replicationdestination calculation unit 140 is a calculation algorithm thatdetermines the replication destination based on the available bandwidthof the band. Note that in Example 4, the replication group isconstructed in advance in accordance with Example 1 described above.

In Example 4, the data detection unit 210 detects that the primary data12 is saved at the node A, and the replication destination calculationunit 140 calculates the replication destination. In addition, in Example4, it is assumed that the replication group illustrated in FIG. 14 isconstructed in advance.

As illustrated in FIG. 14, because the node A is included in thereplication group (A, C, E), two nodes C, E are selected as candidatesfor the replication destination. Because “the replication destination isdetermined based on the available bandwidth of the band” in Example 4,the replication destination calculation unit 140 acquires the availablecapacity of the link between nodes from the storage unit 120 or the dataacquisition unit 110. Here, the link between nodes i and j is designatedas L_ij. It is assumed that the available capacity of the band of eachlink is as illustrated in FIG. 14.

To prevent shortage of the band in the link, the replication destinationcalculation unit 140 selects the node (C or E) having a largest minimumvalue of available bandwidth between the nodes (the node A and the nodeC, the node A and the node E) as the replication destination. In theexample in FIG. 14, since there are respective 10 and 3 availablebandwidths between the node A and the node C, the number is 3, and sincethere is 7 available bandwidth between the node A and the node E, thenumber is 7. That is, since the minimum value of the available bandwidthbetween the node A and the node E is larger, the replication destinationcalculation unit 140 calculates the node E as the replicationdestination.

Example 5

Example 5 of the present invention will be described below withreference to FIG. 15. Example 5 is an example of calculation of thereplication destination by the replication destination calculation unit140. In Example 5, the calculation algorithm of the replicationdestination calculation unit 140 is a calculation algorithm thatdetermines the replication destination based on the writing speed of thedisk (low-cost disk). Note that in Example 5, the replication group isconstructed in advance in accordance with Example 1 described above.

In this example 5, the data detection unit 210 detects that the primarydata 12 is saved at the node A. and the replication destinationcalculation unit 140 calculates the replication destination. Inaddition, in Example 5, it is assumed that the replication groupillustrated in FIG. 15 is constructed in advance.

As illustrated in FIG. 15, because the node A is included in thereplication group (A, C, E), two nodes C, E are selected as candidatesfor the replication destination. Because “the replication destination isdetermined based on the writing speed of the disk (low-cost disk)” inExample 5, the replication destination calculation unit 140 acquires thewriting speed (or cost) of the disk at each node from the storage unit120 or data acquisition unit 110.

As illustrated in FIG. 15, when the writing speed (cost) of the disk atthe node C and the node E are 40 Mbps ($80/1 TB), 60 Mbps ($100/1 TB),respectively, the replication destination calculation unit 140calculates the low-cost node C as the replication destination.

While one embodiment of the present invention has been described indetail, the present invention is not limited to the embodiment. Forexample, although the above embodiment describes the replication systemthat backs up data stored in the node 10 in real-time, the presentinvention can also be applied to a system that backs up data stored inthe node 10 on a regular basis or at any time, such as regular backup.

Further, although the above embodiment describes the IoT terminal suchas the terminal 1 that outputs video, but the present invention can beapplied to other types of terminals.

Further, although the above embodiment describes data (file) as thetarget for backup, the virtualization environment such as a virtualmachine (VM), a container, or the like other than the data may be atarget for backup. The VM is a virtual server divided from a physicalserver. The container is a virtual user space provided on one OS.

Other embodiments of the present invention will be described below.

OTHER EMBODIMENTS

In an edge computing (EC) environment, it is necessary to prevent areduction in the availability of virtual machines (VM) or containers,data (file) loss, and the like due to a failure of the server orstorage. For this reason, backup (including replication) to anotherserver or storage at the same or another location can be considered.

Especially in the case of assuming disaster recovery (DR), the reductionof availability and file loss are avoided by backing up the VMs,containers, or files at a plurality of locations (e.g., multiple datacenters (DC)).

In EC, resources (such as CPUs, memories, storage, network bands, etc.)are distributed broadly and thus, the resources at each location aretypically scarce. In addition, due to the trade-off with reliablebackup, the usage efficiency of resources is low.

Therefore, when the known backup technique is applied to EC, it isnecessary to enhance the communication band between the nodes (officebuildings), and the servers and the storage in the nodes, leading to anincrease in CAPEX or OPEX. The capital expenditure (CAPEX) refers tofacility investment, and operating expenditure (OPEX) refers tooperational cost.

That is, when only nodes at geographically separated locations areselected as destinations for backup, the number of destinations forbackup is small and the resources at each location is also scarce,resulting in that backup may not achieved. In addition, when backup isexecuted so as to follow disaster with high update frequency of forecastinformation, a lot of resources such as network band and storagecapacity must be prepared in advance, leading to an increase in CAPEX.

In the present embodiment, the necessity of backup is determined usingdynamic forecast information about disasters such as typhoon andlightning, and the required DR level demanded by the user (user failurerate). Thus, in the present embodiment, backup can be achieved accordingto the DR required level of the user. As a result, in the presentembodiment, CAPEX of the infrastructure provider can be reduced todecrease the user's payment cost to the infrastructure provider.

Configuration of Master Server

FIG. 16 is a functional block diagram of the master server according tothe present embodiment. The master server 101 in the present embodiment,similar to the embodiment described above, controls replication thatperforms real-time backup, but may control any type of backup other thanreplication. The illustrated master server 101 includes a dataacquisition unit 110, a replication group construction unit 130, areplication destination calculation unit 140, a damage determinationunit 150, an execution determination unit 160, a priority calculationunit 170, a deletion unit 180, and a storage unit 120.

The data acquisition unit 110 acquires various data such as disasterinformation (disaster forecast information), network information, nodeinformation from a predetermined cloud server or by an input of theadministrator, and stores the data in the storage unit 120. The disasterinformation in the present embodiment includes not only the staticdisaster information described in the embodiments above, but alsodynamic disaster forecast information.

The static disaster information is disaster information with low updatefrequency of information (e.g., once every few years). The dynamicdisaster information is disaster information with high update frequencyof information (e.g., once every few hours). Examples of the dynamicdisaster information include lightning, typhoon, and heavy rain.

The replication group construction unit 130 (backup destination nodeinformation generation unit) generates replication group informationincluding following two types of nodes based on the static disasterinformation. The first type of node is a primary node (first node)including at least one of the data, the VM, or the container. The secondtype of node is one or more second nodes that are candidates for backupdestination of the primary node.

The replication destination calculation unit 140 (backup destinationnode calculation unit) uses at least one of the network information orthe node information to determine the secondary node that is thereplication destination from among the second nodes in the replicationgroup information. The replication destination calculation unit 140 alsodetermines an additional node (third node) to respond to the dynamicdisaster information and adds the additional node to the replicationgroup information.

The damage determination unit 150 determines whether both the primarynode and the secondary node are included in the disaster area of thedynamic disaster information acquired by the data acquisition unit 110.When both the primary node and the secondary node are included in thedisaster area, the execution determination unit 160 determines whetherthe damage rate (EC damage rate) of the primary node and the secondarynode is larger than the user failure rate (DR required level of theuser) demanded by the user. In other words, the damage determinationunit 150 determines the necessity of backup or replication.

The priority calculation unit 170 calculates the resource capacity suchas data size available for backup using network band, disaster arrivalforecast time, remaining storage capacity of the backup destination, andthe like. When the resource capacity required for backup is larger thanthe resource capacity available for backup, the priority calculationunit 170 sets the priority to data, VMs, and containers.

The deletion unit 180 deletes unnecessary temporary data, temporary VM,and temporary container that have been backed up to the additional nodein response to dynamic disaster information.

The storage unit 120 stores various data such as disaster information,network information, and node information that is acquired by the dataacquisition unit 110. The storage unit 120 stores the replication groupinformation.

Configuration of Replication Execution Device FIG. 17 is a functionalblock diagram of a replication execution device according to the presentembodiment. The illustrated replication execution device 201 (backupexecution unit) includes a data detection 210, a replication destinationinquiry unit 220, and a replication processing unit 230.

The data detection 210 in the present embodiment monitors the storage ofthe node 10 and the like to detect that at least one of the data 12, theVM 14, or the container 16 is updated by the terminal 1.

When the data detection unit 210 detects update, the replicationdestination inquiry unit 220 inquires the replication destinationcalculation unit 140 of the master server 101 about the node that is thereplication destination. The replication destination inquiry unit 220specifies the node that is the replication destination, which isnotified from the replication destination calculation unit 140, andinstructs the replication processing unit 230 to execute replication.

The replication processing unit 230 replicates at least one of the data12, the VM 14, or the container 16 to the specified node of thereplication destination. Also, for the dynamic disaster information, w %ben the EC damage rate is the user failure rate or more, the replicationprocessing unit 230 replicates at least one of the data, the VM, or thecontainer that are stored in the primary node or the node that is thebackup destination to the additional node.

Processing of Present Embodiment Hereinafter, processing executed whenthe dynamic disaster information is acquired in the state wherereplication based on the static disaster information has been executedas described in the above embodiment will be described.

FIG. 18 is a diagram illustrating an example of the state wherereplication based on the static disaster information has been executed.Here, an earthquake having a seismic intensity of 7 is forecasted as thestatic disaster information, and the node A and the node B are includedin the disaster area. Also, the replication group (RG) of the node A is(A, E), and the replication destination of the node A is the node E. Thenumber of nodes in the replication group is 2. In this case, the primarydata 12 and the primary VM 14 at the node A are replicated to the node Eand stored in the node E as secondary data 13 (replication data) and asecondary VM 15 (replication VM). The secondary data in the presentembodiment is the same as the replication data of the above-describedembodiment.

In the illustrated example, the target for replication is the data andthe VM, but is not limited thereto. The target for replication may be acontainer. That is, the target for replication may be at least one ofthe data, the VM, or the container.

FIG. 19 is a flowchart illustrating processing according to the presentembodiment. Hereinafter, processing executed when the dynamic disasterinformation is acquired in the state where replication based on thestatic disaster information has been executed as illustrated in FIG. 18will be described.

The data acquisition unit 110 previously acquires the user failure rate,service level agreement (SLA), cost, and the like that are input usingthe user terminal by the user (S21). The user failure rate is thefailure rate demanded for the EC (e.g., FIG. 1) by the user. The usersets a desired user failure rate Pu (e.g., Pu=f(cost)) by weighing thepayment cost to the infrastructure provider.

The user may input, to the master server 101, the SLA, the cost, and thelike, instead of the user failure rate. In this case, the dataacquisition unit 110 may acquire the SLA or the cost input by the user,and calculate the user failure rate Pu using the SLA or cost.

The data acquisition unit 110 acquires dynamic disaster information froma predetermined cloud server or by an input of the administrator (S22).The data acquisition unit 110 acquires, via a network, dynamic disasterinformation (e.g., lightning, typhoon, and the like) updated by thegovernment, commercial companies, and the like with a high frequency.Examples of the dynamic disaster information include area information(disaster occurrence range), intensity information (disaster magnitude),occurrence probability information (disaster occurrence probability),and arrival time information (disaster arrival forecast time). Thedynamic disaster information is updated with a high frequency, and thedata acquisition unit acquires the dynamic disaster information at eachupdate.

The damage determination unit 150 uses the area information of thedynamic disaster information to determine whether both the primary nodeholding the primary data and the primary VM and the secondary nodeholding the secondary data and the secondary VM are included in thedisaster area (S23). In other words, the damage determination unit 150determines whether the primary data and the primary VM, and thesecondary data and the secondary VM are simultaneously damaged. Thedamage determination unit 150 makes determinations for each disastertype of dynamic disaster information.

An object of the present embodiment is to prevent simultaneous damage ofthe primary node (primary data, primary VM, and the like) and thesecondary nodes (secondary data, secondary VM, and the like). Thus, as aresponse to the dynamic disaster information, backup is executed onlywhen the primary node and the secondary node are likely to besimultaneously damaged. The backup also includes replication.

FIG. 20 is an explanatory diagram illustrating the case where thedynamic disaster information is acquired in the replication completedstate illustrated in FIG. 18. The illustrated dynamic disasterinformation includes two pieces of disaster information: typhoon andlightning. The node A and the node B are included in a typhoon disasterarea T. and the node A and the node E are included in a lightningdisaster area K. The disaster occurrence probability at the node A(primary node) is 70% for typhoon and 10% for lightning. The disasteroccurrence probability at the node E (secondary node) is 0% for typhoonand 20% for lightning. Because the node A and the node E are included inthe lightning disaster area K, there is a risk of simultaneous damage bylightning. On the other hand, the node A is included and the node E isnot included in the typhoon disaster area T, there is no risk ofsimultaneous damage by typhoon.

Accordingly, as illustrated in FIG. 21, the damage determination unit150 determines that both the primary node and the secondary node areincluded in the lightning disaster area K (S23: YES), and determines toexecute backup. On the other hand, the damage determination unit 150determines that both the primary node and the secondary node are notincluded in the disaster area T (S23: NO), returns to S22 withoutdetermining to execute backup and then, waits for dynamic disasterinformation to be updated.

When both the primary node and the secondary node are included (S23:YES), the execution determination unit 160 uses disaster occurrenceprobability, disaster strength, EC failure rate, failure resistance, ageof the office building, geographic information, and the like tocalculate the EC damage rate Pm (S24). The EC damage rate Pm is an indexindicating the probability of damage (failure) of the primary node andsecondary nodes in consideration of the occurrence probability ofpossible disaster. In the present embodiment, the EC damage rate Pm iscalculated using a following equation.

EC damage rate Pm=α×Pi×Pj

α denotes the failure rate at occurrence of disaster, which iscalculated using failure resistance, age of the office building,geographic information, and the like. That is, a is an index indicatingthe probability of failure (damage) of the EC if disaster occurs. Here,the evaluation is made using the safest evaluation, α=1 (when disasteroccurs, the EC always fails). Pi is the disaster occurrence probabilityat the primary node i. Pj is the disaster occurrence probability at thesecondary node j. The dynamic disaster information is used for Pi andPj.

In the example in FIG. 22, the probability of occurrence of disaster atnode A (primary node) is defined as Pa=0.1, and the probability ofoccurrence of disaster at the node E (secondary node) is defined asPe=0.2. In this case, the EC damage rate is as follows.

EC damage rate Pm=1×0.1×0.2=0.02

The execution determination unit 160 compares the calculated EC damagerate Pm with the user failure rate Pu acquired in S21 and determineswhether to execute backup (S25). Specifically, the executiondetermination unit 160 determines whether the EC damage rate Pm is theuser failure rate Pu or more (EC damage rate Pm≥user failure rate Pu).When the EC damage rate Pm is the user failure rate Pu or more, thefailure rate demanded by the user is not satisfied and thus, theexecution determination unit 160 determines to execute backup. Theexecution determination unit 160 makes determination for each type oftarget (data, VM).

In FIG. 22, the user failure rate Pu, vm of the VM is defined as 0.3,and the user failure rate Pu, data of the data is defined as 0.01. Theexecution determination unit 160 determines that the EC damage rate Pmis smaller than the user failure rate Pu, vm (Pm<Pu, vm) (S25: NO) andthat backup is unnecessary. On the contrary, the execution determinationunit 160 determines that the EC damage rate Pm is larger than the userfailure rate Pu, data (Pm<Pu, data) (S25: YES), and that the backup isnecessary.

The replication destination calculation unit 140 selects an additionalnode (third node) in response to the dynamic disaster information andadds the additional node to the replication group stored in storage unit120 (S26). The replication destination calculation unit 140 uses aselection algorithm similar to that of the replication constructionprocessing in the above embodiment to determine the additional node thatis the backup destination in response to the dynamic disasterinformation. The number of additional nodes M is at least one, and isstored in the storage unit 120 in advance.

Here, the replication destination calculation unit 140 uses the numberof hops from the primary node or the secondary node to determine theadditional node from among nodes that are not included in the disasterarea. In this case, the replication destination calculation unit 140selects the additional node from among the nodes that are not includedin the disaster area in the increasing order of the number of hops fromthe primary node or the secondary node until the number of additionalnodes M is reached. When the number of the selected additional nodesexceeds the number of additional nodes M due to the presence of aplurality of nodes having the same number of hops, the replicationdestination calculation unit 140 selects the additional node based on,for example, the remaining storage capacity.

In the example illustrated in FIG. 23, the number of additional nodes Mis set to 1. In this case, the nodes that are not included in thelightning disaster area K and have the number of hops of 1 from the nodeA or the node E are the node B and the node D. The remaining storagecapacity of the node B is 500 Tbit and the remaining storage capacity ofnode D is 400 Tbit. In this case, the replication destinationcalculation unit 140 selects the node B having the larger remainingstorage capacity as the additional node, and adds the additional node Bto the replication group. Thus, the replication group for data at thenode A in response to the dynamic disaster information of lightning isupdated from the original (A, E) to (A, E. [B]).

The replication execution device 201 executes backup in response to thedynamic disaster information according to the updated replication group(S27). Specifically, the replication execution device 201 backs up thetarget (data. VM) to be backed up from the primary node or secondarynode near the additional node (the small number of hops) to theadditional node.

When executing backup, the priority calculation unit 170 calculates theresource capacity available for backup (e.g. data size) using networkband, disaster arrival forecast time, remaining storage capacity of thebackup destination, and the like. When the resource capacity requiredfor backup is larger than the resource capacity available for backup,the priority calculation unit 170 sets the priority to data and VMs. Forexample, the priority calculation unit 170 sets the priority to eachdata (file) using data type, data access time, data update time, and thelike. In addition, the priority calculation unit 170 may set thepriority to each file such that the number of files to be backed upbecomes maximum. The replication execution device 201 backs up the datain sequence according to the priority of the data.

Even when the targets for backup are VMs or containers, the prioritycalculation unit 170 sets, as for the data, the priority to the VMs orcontainers using type, access time, update time, and the like.

Note that when the number of additional nodes M is multiple, thereplication destination calculation unit 140 uses a similar calculationalgorithm to that in the above embodiment to determine any oneadditional node. For example, the replication destination calculationunit 140 selects (a) an additional node having available network bandand available storage capacity, (b) an additional node having noavailable network band but available storage capacity, or (c) anadditional node having no storage capacity but available network band.The replication execution device 201 copies the data or VM to theadditional node determined by the replication destination calculationunit 140.

In the example illustrated in FIG. 24, the replication execution device201 of the node A (primary node) near the node B (additional node) backsup the primary data at the node A to the node B as the temporary data17. Here, it is assumed that the data size available for backupcalculated by the priority calculation unit 170 is larger than the datasize required for backup. In this case, because all of the primary datacan be backed up to the node B before lightning arrives, the replicationexecution device 201 executes simple backup.

In the example illustrated in FIG. 25, the data size required for backupis larger than the data size available for backup. In this case, thepriority calculation unit 170 sets the priority to the data. In theillustrated example, the priority calculation unit 170 sets the priorityof the data using the last access time.

Here, it is assumed that the disaster arrival forecast time included inthe disaster information is after one hour, and the network bandwidthbetween the node A and the node B is 10 Gbps. The priority calculationunit 170 calculates 10 Gbps×3600 s=36 Tbit as the data size availablefor backup. The replication execution device 201 rearranges (sorts) thedata at the node A using the last access time, and sequentially backs upthe data starting from the data having the most recent last access time.In the illustrated example, the replication execution device 201 backsup data 40 at the node A in the order of data a and data b. Since thetotal amount of data a and b is 36 Tbit, the data a and b are reliablybacked up, but the other data may not be backed up.

In the example illustrated in FIG. 26, the data size required for backupis larger than the data size available for backup. In the illustratedexample, the priority calculation unit 170 sets the priority of the datausing last update time.

Here, the priority calculation unit 170 calculates the data sizeavailable for backup using the remaining storage capacity of the node Bthat is the backup destination. In other words, the priority calculationunit 170 defines the remaining storage capacity of 500 Tit as the datasize available for backup. The replication execution device 201rearranges the data at the node A using the last update time, andsequentially backs up the data starting from the data having the mostrecent last update time. In the illustrated example, the replicationexecution device 201 backs up data 50 at the node A in the order of dataaaaa, bbbb. Because the total amount of the data aaaa, bbbb is 500 Tbit,the data aaaa and the data bbbb are reliably backed up, but the otherdata are not backed up.

FIG. 27 is a diagram illustrating processing of the deletion unit 180.When lightning passes the node A and node E without damaging the nodesor when no lightning occurs, the temporary data 17 backed up to the nodeB is unnecessary. The deletion unit 180 deletes the unnecessarytemporary data 17. This improves the usage efficiency of resources.

In the present embodiment described above, the necessity of backup inresponse to the dynamic disaster information is determined using theuser failure rate. As a result, in the present embodiment, backup can beachieved according to the disaster countermeasure level demanded by theuser. For this reason, in the present embodiment. CAPEX of theinfrastructure provider can be reduced to decrease the user's paymentcost to the infrastructure provider.

REFERENCE SIGNS LIST

-   1 Terminal-   10 Node-   11 Storage-   12 Primary data-   20 Link-   100, 101 Master Server-   110 Data acquisition unit-   120 Storage unit-   130 Replication group construction unit-   140 Replication destination calculation unit-   150 Damage determination unit-   160 Execution determination unit-   170 Priority calculation unit-   180 Deletion unit-   200, 201 Replication execution device-   210 Data detection unit-   220 Replication destination inquiry unit-   230 Replication processing unit

1. A backup system, in a network including a plurality of nodes, each ofthe plurality of nodes to which storage is deployed, for replicating andstoring original data stored in storage of a first node of the pluralityof nodes into storage of at least one second node of the plurality ofnodes, the backup system comprising: an information acquisition unitincluding one or more processors, configured to acquire disasterinformation, network information, and node information; a backupdestination node information generation unit including one or moreprocessors, configured to, based on the disaster information, thenetwork information, and the node information, generate backupdestination node information including association information betweenthe first node that stores the original data and one or more secondnodes of the at least one second node that are candidates for backupdestination of the original data, and save the backup destination nodeinformation in a predetermined storage unit; a backup destination nodecalculation unit, including one or more processors, configured to, whenexecuting backup of the original data, calculate a second node of the atleast one second node as the backup destination from the one or moresecond nodes that are the candidates for the backup destination includedin the backup destination node information; and a backup execution unitincluding one or more processors, configured to replicate and store theoriginal data from the storage of the first node into the storage of thesecond node that is calculated.
 2. The backup system according to claim1, wherein the backup destination node information generation unit isconfigured to exclude, from all of the plurality of nodes, other nodesof the plurality of nodes included in the disaster information thatincludes a disaster occurrence location including the first node, andselect the one or more second nodes that are the candidates for thebackup destination from among the other nodes that are excluded.
 3. Thebackup system according to claim 1, wherein the backup destination nodecalculation unit is configured to calculate, based on an index value, asan entire system, of storage usage efficiency or cost, or an index valueof throughput at backup, a node of the plurality of nodes from among aplurality of second nodes that are the candidates for the backupdestination included in the backup destination node information so as tooptimize the index value.
 4. The backup system according to claim 1,further comprising a data detection unit including one or moreprocessors, configured to detect saving of the original data in thestorage of the first node, wherein when the data detection unit detectsthe saving of the original data, the backup execution unit is configuredto inquire the backup destination node calculation unit about the secondnode that is the backup destination, and replicate and store theoriginal data into the storage of the second node related to a responseto the inquiry.
 5. A backup method in a backup system, in a networkincluding a plurality of nodes, each of the plurality of nodes to whichstorage is deployed, for replicating and storing original data stored instorage of a first node of the plurality of nodes into storage of atleast one second node of the plurality of nodes, the backup methodcomprising: by an information acquisition unit including one or moreprocessors, acquiring disaster information, network information, andnode information; by a backup destination node information generationunit including one or more processors, based on the disasterinformation, the network information, and node information, generatingbackup destination node information including association informationbetween the first node that stores the original data and one or moresecond nodes of the at least one second node that are candidates forbackup destination of the original data, and saving the backupdestination node information in a predetermined storage unit; by abackup destination node calculation unit including one or moreprocessors, when executing backup of the original data, calculating asecond node of the at least one second node as the backup destinationfrom the one or more second nodes that are the candidates for the backupdestination included in the backup destination node information; and bya backup execution unit including one or more processors, replicatingand storing the original data from the storage of the first node intothe storage of the second node that is calculated.
 6. A backup systemcomprising: an information acquisition unit including one or moreprocessors, configured to acquire disaster information; a backupdestination node information generation unit including one or moreprocessors, configured to, based on the disaster information, generategroup information including a first node having at least one of data, aVM, or a container, and one or more second nodes that are candidates forbackup destination of the first node; a backup destination nodecalculation unit, including one or more processors, configured to use atleast one of network information or node information to determine abackup destination node from among the one or more second nodes in thegroup information; and a backup execution unit including one or moreprocessors, configured to replicate at least one of the data, the VM, orthe container to the backup destination node.
 7. The backup systemaccording to claim 6, further comprising: a damage determination unitincluding one or more processors, configured to determine whether boththe first node and the backup destination node are included in adisaster area of dynamic disaster information with a high updatefrequency, the dynamic disaster information being acquired by theinformation acquisition unit; and an execution determination unitincluding one or more processors, configured to, when both the firstnode and the backup destination node are included in the disaster area,determine whether a damage rate of the first node and the backupdestination node is larger than a user failure rate demanded by a user,wherein when the damage rate is the user failure rate or more, thebackup execution unit is configured to replicate at least one of thedata, the VM, or the container stored in the first node or the backupdestination node, to a third node.
 8. A non-transitory computer readablemedium storing a program that causes a computer to operate as each ofthe units of a backup system, in a network including a plurality ofnodes, each of the plurality of nodes to which storage is deployed, forreplicating and storing original data stored in storage of a first nodeof the plurality of nodes into storage of at least one second node ofthe plurality of nodes, the backup system comprising: an informationacquisition unit, including one or more processors, configured toacquire disaster information, network information, and node information;a backup destination node information generation unit, including one ormore processors, configured to, based on the disaster information, thenetwork information, and the node information, generate backupdestination node information including association information betweenthe first node that stores the original data and one or more secondnodes of the at least one second node that are candidates for backupdestination of the original data, and save the backup destination nodeinformation in a predetermined storage unit; a backup destination nodecalculation unit, including one or more processors, configured to, whenexecuting backup of the original data, calculate a second node of the atleast one second node as the backup destination from the one or moresecond nodes that are the candidates for the backup destination includedin the backup destination node information; and a backup execution unit,including one or more processors, configured to replicate and store theoriginal data from the storage of the first node into the storage of thesecond node that is calculated.
 9. The non-transitory computer readablemedium according to claim 8, wherein the backup system furthercomprises: a data detection unit, including one or more processors,configured to detect saving of the original data in the storage of thefirst node, wherein when the data detection unit detects the saving ofthe original data, the backup execution unit inquires is configured toinquire the backup destination node calculation unit about the secondnode that is the backup destination, and replicates replicate and storesstore the original data into the storage of the second node related to aresponse to the inquiry.
 10. The backup method according to claim 5,further comprising: by the backup destination node informationgeneration unit excluding, from all of the plurality of nodes, othernodes of the plurality of nodes included in the disaster informationthat includes a disaster occurrence location including the first node,and selecting the one or more second nodes that are the candidates forthe backup destination from among the other nodes that are excluded. 11.The backup method according to claim 5, further comprising: by thebackup destination node calculation unit, calculating, based on an indexvalue, as an entire system, of storage usage efficiency or cost, or anindex value of throughput at backup, a node of the plurality of nodesfrom among a plurality of second nodes that are the candidates for thebackup destination included in the backup destination node informationso as to optimize the index value.
 12. The backup method according toclaim 5, further comprising: by a data detection unit, including one ormore processors, detecting saving of the original data in the storage ofthe first node; and by the backup execution unit, in response to thedata detection unit detecting the saving of the original data, inquiringthe backup destination node calculation unit about the second node thatis the backup destination, and replicating and storing the original datainto the storage of the second node related to a response to theinquiry.